From 33876b761d258b8f0af569bb2a5696b8a4098bb6 Mon Sep 17 00:00:00 2001 
From: Philipp Schramm Date: Thu, 24 Mar 2022 08:13:50 +0100 Subject: [PATCH] RED-3450 Added digital kms signature --- persistence-service-image-v1/pom.xml | 2 +- .../persistence-service-api-v1/pom.xml | 2 +- .../configuration/DigitalSignatureKms.java | 30 +++++++ .../configuration/DigitalSignatureType.java | 5 ++ .../resources/DigitalSignatureResource.java | 45 +++++++++- .../persistence-service-processor-v1/pom.xml | 2 +- .../DigitalSignatureKmsEntity.java | 45 ++++++++++ .../DigitalSignatureTypeEntity.java | 36 ++++++++ .../service/DigitalSignatureKmsService.java | 78 +++++++++++++++++ .../service/DigitalSignatureService.java | 36 ++++---- .../service/DigitalSignatureTypeService.java | 34 ++++++++ .../DigitalSignatureKmsRepository.java | 9 ++ .../DigitalSignatureTypeRepository.java | 9 ++ .../persistence-service-server-v1/pom.xml | 18 +++- .../DigitalSignatureController.java | 72 +++++++++++++-- .../16-digital-signature-kms.changelog.yaml | 49 +++++++++++ .../db/changelog/db.changelog-master.yaml | 4 +- .../tests/DigitalSignatureTest.java | 82 ++++++++++++++++-- .../src/test/resources/files/TestCert.cer | Bin 0 -> 759 bytes persistence-service-v1/pom.xml | 4 +- pom.xml | 2 +- 21 files changed, 523 insertions(+), 41 deletions(-) create mode 100644 persistence-service-v1/persistence-service-api-v1/src/main/java/com/iqser/red/service/persistence/service/v1/api/model/dossiertemplate/configuration/DigitalSignatureKms.java create mode 100644 persistence-service-v1/persistence-service-api-v1/src/main/java/com/iqser/red/service/persistence/service/v1/api/model/dossiertemplate/configuration/DigitalSignatureType.java create mode 100644 persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/entity/configuration/DigitalSignatureKmsEntity.java create mode 100644 
persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/entity/configuration/DigitalSignatureTypeEntity.java create mode 100644 persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DigitalSignatureKmsService.java create mode 100644 persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DigitalSignatureTypeService.java create mode 100644 persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/persistence/repository/DigitalSignatureKmsRepository.java create mode 100644 persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/persistence/repository/DigitalSignatureTypeRepository.java create mode 100644 persistence-service-v1/persistence-service-server-v1/src/main/resources/db/changelog/16-digital-signature-kms.changelog.yaml create mode 100644 persistence-service-v1/persistence-service-server-v1/src/test/resources/files/TestCert.cer diff --git a/persistence-service-image-v1/pom.xml b/persistence-service-image-v1/pom.xml index add742e67..c867ab34c 100644 --- a/persistence-service-image-v1/pom.xml +++ b/persistence-service-image-v1/pom.xml @@ -12,7 +12,7 @@ persistence-service-image-v1 com.iqser.red.service - 1.0-SNAPSHOT + Banana pom diff --git a/persistence-service-v1/persistence-service-api-v1/pom.xml b/persistence-service-v1/persistence-service-api-v1/pom.xml index 074f7c766..6dab0d30a 100644 --- a/persistence-service-v1/persistence-service-api-v1/pom.xml +++ b/persistence-service-v1/persistence-service-api-v1/pom.xml @@ -6,7 +6,7 @@ persistence-service-v1 com.iqser.red.service - 1.0-SNAPSHOT + Banana 4.0.0 
diff --git a/persistence-service-v1/persistence-service-api-v1/src/main/java/com/iqser/red/service/persistence/service/v1/api/model/dossiertemplate/configuration/DigitalSignatureKms.java b/persistence-service-v1/persistence-service-api-v1/src/main/java/com/iqser/red/service/persistence/service/v1/api/model/dossiertemplate/configuration/DigitalSignatureKms.java
new file mode 100644
index 000000000..c96b7da69
--- /dev/null
+++ b/persistence-service-v1/persistence-service-api-v1/src/main/java/com/iqser/red/service/persistence/service/v1/api/model/dossiertemplate/configuration/DigitalSignatureKms.java
@@ -0,0 +1,30 @@
+package com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+import lombok.NonNull;
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+@Builder
+public class DigitalSignatureKms {
+
+ @NonNull
+ private String certificateName;
+ @NonNull
+ private String kmsKeyId;
+ @NonNull
+ private String kmsServiceEndpoint;
+ @NonNull
+ private String kmsRegion;
+ @NonNull
+ private String kmsAccessKey;
+ @NonNull
+ private String kmsSecretKey;
+ @NonNull
+ private byte[] certificate;
+
+}
diff --git a/persistence-service-v1/persistence-service-api-v1/src/main/java/com/iqser/red/service/persistence/service/v1/api/model/dossiertemplate/configuration/DigitalSignatureType.java b/persistence-service-v1/persistence-service-api-v1/src/main/java/com/iqser/red/service/persistence/service/v1/api/model/dossiertemplate/configuration/DigitalSignatureType.java
new file mode 100644
index 000000000..8972765b7
--- /dev/null
+++ b/persistence-service-v1/persistence-service-api-v1/src/main/java/com/iqser/red/service/persistence/service/v1/api/model/dossiertemplate/configuration/DigitalSignatureType.java
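Review bot: `@Data` on `DigitalSignatureKms` generates a `toString()` that prints `kmsAccessKey` and `kmsSecretKey`, so any log statement or exception message that formats this object writes the KMS credentials in clear. Exclude the secret fields, e.g. `@ToString.Exclude private String kmsSecretKey;` (and the same on `kmsAccessKey`); `DigitalSignatureKmsEntity`, added later in this patch, is also `@Data` and needs the same treatment. Separately, the `@NonNull` annotations only add null checks to the generated setters and the all-args constructor; with `@NoArgsConstructor`, a JSON body that simply omits a field presumably still deserializes with that field left null, so required-field validation should not rely on these annotations alone.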
@@ -0,0 +1,5 @@
+package com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration;
+
+public enum DigitalSignatureType {
+ CERTIFICATE, KMS, HSM;
+}
diff --git a/persistence-service-v1/persistence-service-api-v1/src/main/java/com/iqser/red/service/persistence/service/v1/api/resources/DigitalSignatureResource.java b/persistence-service-v1/persistence-service-api-v1/src/main/java/com/iqser/red/service/persistence/service/v1/api/resources/DigitalSignatureResource.java
index dd5138e6c..2c72d300b 100644
--- a/persistence-service-v1/persistence-service-api-v1/src/main/java/com/iqser/red/service/persistence/service/v1/api/resources/DigitalSignatureResource.java
+++ b/persistence-service-v1/persistence-service-api-v1/src/main/java/com/iqser/red/service/persistence/service/v1/api/resources/DigitalSignatureResource.java
@@ -1,28 +1,69 @@ package com.iqser.red.service.persistence.service.v1.api.resources; -import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignature; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.DeleteMapping; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.ResponseStatus; + +import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignature; +import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignatureKms; +import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignatureType; @ResponseStatus(value = HttpStatus.OK) public interface DigitalSignatureResource { String DIGITAL_SIGNATURE_PATH = "/digital-signature"; + String DIGITAL_SIGNATURE_TYPE_PATH = DIGITAL_SIGNATURE_PATH + "/type"; + String DIGITAL_SIGNATURE_KMS_PATH = DIGITAL_SIGNATURE_PATH + "/kms"; + + String DIGITAL_SIGNATURE_TYPE = "digitalSignatureType"; + String DIGITAL_SIGNATURE_TYPE_VARIABLE = "/{" + DIGITAL_SIGNATURE_TYPE + "}"; + + + @GetMapping(value = DIGITAL_SIGNATURE_TYPE_PATH, produces = MediaType.APPLICATION_JSON_VALUE) + DigitalSignatureType getActiveDigitalSignatureType(); + + + @ResponseStatus(HttpStatus.NO_CONTENT) + @PostMapping(value = DIGITAL_SIGNATURE_TYPE_PATH + DIGITAL_SIGNATURE_TYPE_VARIABLE) + void setActiveDigitalSignatureType(@PathVariable(DIGITAL_SIGNATURE_TYPE) DigitalSignatureType digitalSignatureType); + @ResponseStatus(HttpStatus.CREATED) @PostMapping(value = 
DIGITAL_SIGNATURE_PATH, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) DigitalSignature saveDigitalSignature(@RequestBody DigitalSignature digitalSignatureModel); + @ResponseStatus(HttpStatus.CREATED) @PutMapping(value = DIGITAL_SIGNATURE_PATH, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) void updateDigitalSignature(@RequestBody DigitalSignature digitalSignatureModel); + @GetMapping(value = DIGITAL_SIGNATURE_PATH, produces = MediaType.APPLICATION_JSON_VALUE) DigitalSignature getDigitalSignature(); + @ResponseStatus(HttpStatus.NO_CONTENT) @DeleteMapping(value = DIGITAL_SIGNATURE_PATH) void deleteDigitalSignature(); + + @ResponseStatus(HttpStatus.CREATED) + @PostMapping(value = DIGITAL_SIGNATURE_KMS_PATH, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) + DigitalSignatureKms saveDigitalSignatureKms(@RequestBody DigitalSignatureKms digitalSignature); + + + @GetMapping(value = DIGITAL_SIGNATURE_KMS_PATH, produces = MediaType.APPLICATION_JSON_VALUE) + DigitalSignatureKms getDigitalSignatureKms(); + + + @ResponseStatus(HttpStatus.NO_CONTENT) + @DeleteMapping(value = DIGITAL_SIGNATURE_KMS_PATH) + void deleteDigitalSignatureKms(); + } diff --git a/persistence-service-v1/persistence-service-processor-v1/pom.xml b/persistence-service-v1/persistence-service-processor-v1/pom.xml index bcca653f1..1a6ca6342 100644 --- a/persistence-service-v1/persistence-service-processor-v1/pom.xml +++ b/persistence-service-v1/persistence-service-processor-v1/pom.xml @@ -6,7 +6,7 @@ persistence-service-v1 com.iqser.red.service - 1.0-SNAPSHOT + Banana 4.0.0 
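Review bot: `getDigitalSignatureKms()` in DigitalSignatureResource returns the full `DigitalSignatureKms`, which includes `kmsAccessKey` and `kmsSecretKey`, so every caller that can reach `GET /digital-signature/kms` receives the KMS credentials (the service added in this patch decrypts them before returning). Nothing in this interface says who may call it, and any access control would have to live outside the lines shown here. If the endpoint is meant only for the internal signing service, state that on the method, e.g. `/** Returns the KMS configuration including decrypted credentials; internal callers only. */`, and give any UI-facing read path a response type without the two secret fields.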
diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/entity/configuration/DigitalSignatureKmsEntity.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/entity/configuration/DigitalSignatureKmsEntity.java
new file mode 100644
index 000000000..03359c647
--- /dev/null
+++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/entity/configuration/DigitalSignatureKmsEntity.java
@@ -0,0 +1,45 @@
+package com.iqser.red.service.persistence.management.v1.processor.entity.configuration;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.Lob;
+import javax.persistence.Table;
+
+import com.iqser.red.service.persistence.service.v1.api.utils.SuppressFBWarnings;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Entity
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+@Table(name = "digital_signature_kms")
+@SuppressFBWarnings("RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE")
+public class DigitalSignatureKmsEntity {
+
+ public final static String ID = "CONFIG_ID";
+
+ @Id
+ private final String id = DigitalSignatureKmsEntity.ID;
+ @Column
+ private String certificateName;
+ @Column
+ private String kmsKeyId;
+ @Column
+ private String kmsServiceEndpoint;
+ @Column
+ private String kmsRegion;
+ @Column
+ private String kmsAccessKey;
+ @Column
+ private String kmsSecretKey;
+ @Column
+ @Lob
+ private byte[] certificate;
+
+}
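Review bot: `kmsKeyId`, `kmsAccessKey` and `kmsSecretKey` hold the output of `encryptionDecryptionService.encrypt(...)`, yet the plain `@Column` mapping and the matching changelog columns (`VARCHAR(255)`) are sized for short plaintext. The ciphertext encoding is not visible in this patch, so whether an encrypted key ARN or secret always fits in 255 characters cannot be confirmed from here; a value that does not fit would make the save fail, or be truncated on a lenient database and then fail to decrypt. State the expected maximum in a comment on the fields, e.g. `// stores ciphertext from EncryptionDecryptionService, not the raw key`, and size the columns from the encrypted length.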
diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/entity/configuration/DigitalSignatureTypeEntity.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/entity/configuration/DigitalSignatureTypeEntity.java
new file mode 100644
index 000000000..7e7a0762b
--- /dev/null
+++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/entity/configuration/DigitalSignatureTypeEntity.java
@@ -0,0 +1,36 @@
+package com.iqser.red.service.persistence.management.v1.processor.entity.configuration;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignatureType;
+import com.iqser.red.service.persistence.service.v1.api.utils.SuppressFBWarnings;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Entity
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+@Table(name = "digital_signature_type")
+@SuppressFBWarnings("RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE")
+public class DigitalSignatureTypeEntity {
+
+ public final static String ID = "CONFIG_ID";
+
+ @Id
+ private final String id = DigitalSignatureTypeEntity.ID;
+
+ @Column
+ @Enumerated(EnumType.STRING)
+ private DigitalSignatureType digitalSignatureType;
+
+}
diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DigitalSignatureKmsService.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DigitalSignatureKmsService.java
new file mode 100644
index 000000000..741f1f7ca
--- /dev/null
+++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DigitalSignatureKmsService.java
@@ -0,0 +1,78 @@
+package com.iqser.red.service.persistence.management.v1.processor.service;
+
+import static com.iqser.red.service.persistence.management.v1.processor.utils.MagicConverter.convert;
+
+import org.springframework.beans.BeanUtils;
+import org.springframework.stereotype.Service;
+
+import com.iqser.red.service.persistence.management.v1.processor.client.PDFTronRedactionClient;
+import com.iqser.red.service.persistence.management.v1.processor.entity.configuration.DigitalSignatureEntity;
+import com.iqser.red.service.persistence.management.v1.processor.entity.configuration.DigitalSignatureKmsEntity;
+import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException;
+import com.iqser.red.service.persistence.management.v1.processor.service.persistence.repository.DigitalSignatureKmsRepository;
+import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignatureKms;
+import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignatureType;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class DigitalSignatureKmsService {
+
+ private final EncryptionDecryptionService encryptionDecryptionService;
+ private final DigitalSignatureKmsRepository digitalSignatureKmsRepository;
+ private final DigitalSignatureTypeService digitalSignatureTypeService;
+ private final PDFTronRedactionClient pdfTronRedactionClient;
+
+
+ public DigitalSignatureKmsEntity saveDigitalSignature(DigitalSignatureKmsEntity digitalSignature) {
+
+ log.info("Validate digital KMS signature before saving");
+ pdfTronRedactionClient.testDigitalSignatureKms(convert(digitalSignature, DigitalSignatureKms.class));
+ log.info("Digital KMS signature is valid");
+
+ encrypt(digitalSignature);
+ var result = digitalSignatureKmsRepository.save(digitalSignature);
+ digitalSignatureTypeService.setActiveDigitalSignatureType(DigitalSignatureType.KMS);
+ decrypt(result);
+ return result;
+ }
+
+
+ public DigitalSignatureKmsEntity getDigitalSignature() {
+
+ return digitalSignatureKmsRepository.findById(DigitalSignatureKmsEntity.ID).map(digitalSignature -> {
+ DigitalSignatureKmsEntity result = new DigitalSignatureKmsEntity();
+ BeanUtils.copyProperties(digitalSignature, result);
+ decrypt(result);
+ return result;
+ }).orElseThrow(() -> new NotFoundException("Digital KMS Signature Not found"));
+ }
+
+
+ public void deleteDigitalSignature() {
+
+ digitalSignatureKmsRepository.deleteById(DigitalSignatureEntity.ID);
+ }
+
+
+ private void encrypt(DigitalSignatureKmsEntity digitalSignature) {
+
+ digitalSignature.setCertificate(encryptionDecryptionService.encrypt(digitalSignature.getCertificate()));
+ digitalSignature.setKmsKeyId(encryptionDecryptionService.encrypt(digitalSignature.getKmsKeyId()));
+ digitalSignature.setKmsAccessKey(encryptionDecryptionService.encrypt(digitalSignature.getKmsAccessKey()));
+ digitalSignature.setKmsSecretKey(encryptionDecryptionService.encrypt(digitalSignature.getKmsSecretKey()));
+ }
+
+
+ private void decrypt(DigitalSignatureKmsEntity digitalSignature) {
+
+ digitalSignature.setCertificate(encryptionDecryptionService.decrypt(digitalSignature.getCertificate()));
+ digitalSignature.setKmsKeyId(encryptionDecryptionService.decrypt(digitalSignature.getKmsKeyId()));
+ digitalSignature.setKmsAccessKey(encryptionDecryptionService.decrypt(digitalSignature.getKmsAccessKey()));
+ digitalSignature.setKmsSecretKey(encryptionDecryptionService.decrypt(digitalSignature.getKmsSecretKey()));
+ }
+
+}
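Review bot: `deleteDigitalSignature()` deletes by `DigitalSignatureEntity.ID`, the constant of the certificate entity, so it removes the KMS row only while both constants happen to hold the same value; it should read `digitalSignatureKmsRepository.deleteById(DigitalSignatureKmsEntity.ID);`, after which the `DigitalSignatureEntity` import is unused. In `saveDigitalSignature`, `decrypt(result)` runs on the object returned by `save` instead of on a copy as `getDigitalSignature` does; if that instance is still managed when a flush happens, the decrypted `kmsSecretKey` could be written back to the table, so copy with `BeanUtils.copyProperties` before decrypting. The save and the following `setActiveDigitalSignatureType(DigitalSignatureType.KMS)` are two separate writes with no `@Transactional` visible on the method, so a failure between them leaves the KMS row stored and the active type unchanged; `DigitalSignatureService.saveDigitalSignature` gets the same pair of writes in this patch. Deleting the KMS configuration also leaves the active type at `KMS`.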
diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DigitalSignatureService.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DigitalSignatureService.java index 5c4f17ef5..beed5d1f6 100644 --- a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DigitalSignatureService.java +++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DigitalSignatureService.java 
@@ -1,20 +1,22 @@ package com.iqser.red.service.persistence.management.v1.processor.service; +import static com.iqser.red.service.persistence.management.v1.processor.utils.MagicConverter.convert; + +import javax.transaction.Transactional; + +import org.springframework.beans.BeanUtils; +import org.springframework.stereotype.Service; + import com.iqser.red.service.persistence.management.v1.processor.client.PDFTronRedactionClient; import com.iqser.red.service.persistence.management.v1.processor.entity.configuration.DigitalSignatureEntity; import com.iqser.red.service.persistence.management.v1.processor.exception.BadRequestException; import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException; import com.iqser.red.service.persistence.management.v1.processor.service.persistence.repository.DigitalSignatureRepository; import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignature; +import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignatureType; + import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.springframework.beans.BeanUtils; -import org.springframework.stereotype.Service; - -import javax.transaction.Transactional; - -import static com.iqser.red.service.persistence.management.v1.processor.utils.MagicConverter.convert; - @Slf4j @Service 
@@ -24,12 +26,17 @@ public class DigitalSignatureService { private final EncryptionDecryptionService encryptionDecryptionService; private final DigitalSignatureRepository digitalSignatureRepository; private final PDFTronRedactionClient pdfTronRedactionClient; + private final DigitalSignatureTypeService digitalSignatureTypeService; + public void deleteDigitalSignature() { + digitalSignatureRepository.deleteById(DigitalSignatureEntity.ID); } + public DigitalSignatureEntity getDigitalSignature() { + return digitalSignatureRepository.findById(DigitalSignatureEntity.ID).map(digitalSignature -> { DigitalSignatureEntity result = new DigitalSignatureEntity(); BeanUtils.copyProperties(digitalSignature, result); @@ -39,6 +46,7 @@ public class DigitalSignatureService { }).orElseThrow(() -> new NotFoundException("Digital Signature Not found")); } + public DigitalSignatureEntity saveDigitalSignature(DigitalSignatureEntity digitalSignature) { try { 
@@ -49,23 +57,21 @@ public class DigitalSignatureService { digitalSignature.setPrivateKey(encryptionDecryptionService.encrypt(digitalSignature.getPrivateKey())); digitalSignature.setPassword(encryptionDecryptionService.encrypt(digitalSignature.getPassword())); - return digitalSignatureRepository.save(digitalSignature); + var result = digitalSignatureRepository.save(digitalSignature); + digitalSignatureTypeService.setActiveDigitalSignatureType(DigitalSignatureType.CERTIFICATE); + return result; } + @Transactional public void updateDigitalSignature(DigitalSignatureEntity digitalSignatureModel) { - int updateCount = digitalSignatureRepository.updateDigitalSignature(DigitalSignatureEntity.ID, - digitalSignatureModel.getReason(), - digitalSignatureModel.getLocation(), - digitalSignatureModel.getContactInfo(), - digitalSignatureModel.getCertificateName()); + int updateCount = digitalSignatureRepository.updateDigitalSignature(DigitalSignatureEntity.ID, digitalSignatureModel.getReason(), digitalSignatureModel.getLocation(), digitalSignatureModel.getContactInfo(), digitalSignatureModel.getCertificateName()); if (updateCount == 0) { throw new NotFoundException("Digital Signature Not found"); } - + digitalSignatureTypeService.setActiveDigitalSignatureType(DigitalSignatureType.CERTIFICATE); } - } diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DigitalSignatureTypeService.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DigitalSignatureTypeService.java new file mode 100644 index 000000000..d5e2ae920 --- /dev/null +++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/DigitalSignatureTypeService.java 
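Review bot: `updateDigitalSignature` now ends with `digitalSignatureTypeService.setActiveDigitalSignatureType(DigitalSignatureType.CERTIFICATE);`, although the call only updates reason, location, contact info and certificate name. On an installation that has switched to KMS, editing that metadata would silently move signing back to the stored certificate and its private key. Either drop the call from the update path or document the side effect on the method, e.g. `// also makes CERTIFICATE the active signature type`. The body of `saveDigitalSignature` starts outside this hunk.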
@@ -0,0 +1,34 @@
+package com.iqser.red.service.persistence.management.v1.processor.service;
+
+import org.springframework.stereotype.Service;
+
+import com.iqser.red.service.persistence.management.v1.processor.entity.configuration.DigitalSignatureTypeEntity;
+import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException;
+import com.iqser.red.service.persistence.management.v1.processor.service.persistence.repository.DigitalSignatureTypeRepository;
+import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignatureType;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class DigitalSignatureTypeService {
+
+ private final DigitalSignatureTypeRepository digitalSignatureTypeRepository;
+
+
+ public DigitalSignatureType getActiveDigitalSignatureType() {
+
+ return digitalSignatureTypeRepository.findById(DigitalSignatureTypeEntity.ID)
+ .map(DigitalSignatureTypeEntity::getDigitalSignatureType)
+ .orElseThrow(() -> new NotFoundException("Digital Signature Type is not defined"));
+ }
+
+
+ public void setActiveDigitalSignatureType(DigitalSignatureType digitalSignatureType) {
+
+ digitalSignatureTypeRepository.save(DigitalSignatureTypeEntity.builder().digitalSignatureType(digitalSignatureType).build());
+ }
+
+}
diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/persistence/repository/DigitalSignatureKmsRepository.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/persistence/repository/DigitalSignatureKmsRepository.java
new file mode 100644
index 000000000..72f93f326
--- /dev/null
+++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/persistence/repository/DigitalSignatureKmsRepository.java
@@ -0,0 +1,9 @@
+package com.iqser.red.service.persistence.management.v1.processor.service.persistence.repository;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import com.iqser.red.service.persistence.management.v1.processor.entity.configuration.DigitalSignatureKmsEntity;
+
+public interface DigitalSignatureKmsRepository extends JpaRepository {
+
+}
diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/persistence/repository/DigitalSignatureTypeRepository.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/persistence/repository/DigitalSignatureTypeRepository.java
new file mode 100644
index 000000000..a014af975
--- /dev/null
+++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/persistence/repository/DigitalSignatureTypeRepository.java
@@ -0,0 +1,9 @@
+package com.iqser.red.service.persistence.management.v1.processor.service.persistence.repository;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import com.iqser.red.service.persistence.management.v1.processor.entity.configuration.DigitalSignatureTypeEntity;
+
+public interface DigitalSignatureTypeRepository extends JpaRepository {
+
+}
diff --git a/persistence-service-v1/persistence-service-server-v1/pom.xml b/persistence-service-v1/persistence-service-server-v1/pom.xml
index e466f986d..c30daf30b 100644
--- a/persistence-service-v1/persistence-service-server-v1/pom.xml
+++ b/persistence-service-v1/persistence-service-server-v1/pom.xml
@@ -6,7 +6,7 @@ persistence-service-v1 com.iqser.red.service - 1.0-SNAPSHOT + Banana 4.0.0 @@ -22,10 +22,22 @@ com.iqser.red.service search-service-api-v1 + + + com.iqser.red.service + pdftron-redaction-service-api-v1 + + com.iqser.red.service redaction-report-service-api-v1 + + + com.iqser.red.service + pdftron-redaction-service-api-v1 + + com.iqser.red.service @@ -35,6 +47,10 @@ com.iqser.red.service persistence-service-api-v1 + + com.iqser.red.service + pdftron-redaction-service-api-v1 + diff --git a/persistence-service-v1/persistence-service-server-v1/src/main/java/com/iqser/red/service/peristence/v1/server/controller/DigitalSignatureController.java b/persistence-service-v1/persistence-service-server-v1/src/main/java/com/iqser/red/service/peristence/v1/server/controller/DigitalSignatureController.java index c6bb6d654..6e1b7dc96 100644 --- a/persistence-service-v1/persistence-service-server-v1/src/main/java/com/iqser/red/service/peristence/v1/server/controller/DigitalSignatureController.java +++ b/persistence-service-v1/persistence-service-server-v1/src/main/java/com/iqser/red/service/peristence/v1/server/controller/DigitalSignatureController.java 
@@ -1,40 +1,96 @@ package com.iqser.red.service.peristence.v1.server.controller; -import com.iqser.red.service.persistence.management.v1.processor.entity.configuration.DigitalSignatureEntity; -import com.iqser.red.service.persistence.management.v1.processor.service.DigitalSignatureService; -import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignature; -import com.iqser.red.service.persistence.service.v1.api.resources.DigitalSignatureResource; -import lombok.RequiredArgsConstructor; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RestController; - import static com.iqser.red.service.persistence.management.v1.processor.utils.MagicConverter.convert; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RestController; + +import com.iqser.red.service.persistence.management.v1.processor.entity.configuration.DigitalSignatureEntity; +import com.iqser.red.service.persistence.management.v1.processor.entity.configuration.DigitalSignatureKmsEntity; +import com.iqser.red.service.persistence.management.v1.processor.service.DigitalSignatureKmsService; +import com.iqser.red.service.persistence.management.v1.processor.service.DigitalSignatureService; +import com.iqser.red.service.persistence.management.v1.processor.service.DigitalSignatureTypeService; +import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignature; +import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignatureKms; +import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignatureType; +import com.iqser.red.service.persistence.service.v1.api.resources.DigitalSignatureResource; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + 
+@Slf4j @RestController @RequiredArgsConstructor public class DigitalSignatureController implements DigitalSignatureResource { + private final DigitalSignatureTypeService digitalSignatureTypeService; private final DigitalSignatureService digitalSignatureService; + private final DigitalSignatureKmsService digitalSignatureKmsService; + + + @Override + public DigitalSignatureType getActiveDigitalSignatureType() { + + return digitalSignatureTypeService.getActiveDigitalSignatureType(); + + } + + + @Override + public void setActiveDigitalSignatureType(@PathVariable(DIGITAL_SIGNATURE_TYPE) DigitalSignatureType digitalSignatureType) { + + digitalSignatureTypeService.setActiveDigitalSignatureType(digitalSignatureType); + + } + @Override public DigitalSignature saveDigitalSignature(@RequestBody DigitalSignature digitalSignature) { + return convert(digitalSignatureService.saveDigitalSignature(convert(digitalSignature, DigitalSignatureEntity.class)), DigitalSignature.class); } @Override public void updateDigitalSignature(@RequestBody DigitalSignature digitalSignature) { + digitalSignatureService.updateDigitalSignature(convert(digitalSignature, DigitalSignatureEntity.class)); } + @Override public DigitalSignature getDigitalSignature() { + return convert(digitalSignatureService.getDigitalSignature(), DigitalSignature.class); } @Override public void deleteDigitalSignature() { + digitalSignatureService.deleteDigitalSignature(); } + + + @Override + public DigitalSignatureKms saveDigitalSignatureKms(@RequestBody DigitalSignatureKms digitalSignature) { + + return convert(digitalSignatureKmsService.saveDigitalSignature(convert(digitalSignature, DigitalSignatureKmsEntity.class)), DigitalSignatureKms.class); + } + + + @Override + public DigitalSignatureKms getDigitalSignatureKms() { + + return convert(digitalSignatureKmsService.getDigitalSignature(), DigitalSignatureKms.class); + } + + + @Override + public void deleteDigitalSignatureKms() { + + 
digitalSignatureKmsService.deleteDigitalSignature(); + } + } diff --git a/persistence-service-v1/persistence-service-server-v1/src/main/resources/db/changelog/16-digital-signature-kms.changelog.yaml b/persistence-service-v1/persistence-service-server-v1/src/main/resources/db/changelog/16-digital-signature-kms.changelog.yaml new file mode 100644 index 000000000..db7f13be0 --- /dev/null +++ b/persistence-service-v1/persistence-service-server-v1/src/main/resources/db/changelog/16-digital-signature-kms.changelog.yaml @@ -0,0 +1,49 @@ +databaseChangeLog: + - changeSet: + id: add-digital-signature-kms + author: philipp + changes: + - createTable: + columns: + - column: + constraints: + nullable: false + primaryKey: true + primaryKeyName: digital_signature_type_pkey + name: id + type: VARCHAR(255) + - column: + name: digital_signature_type + type: VARCHAR(255) + tableName: digital_signature_type + - createTable: + columns: + - column: + constraints: + nullable: false + primaryKey: true + primaryKeyName: digital_signature_kms_pkey + name: id + type: VARCHAR(255) + - column: + name: certificate_name + type: VARCHAR(255) + - column: + name: kms_key_id + type: VARCHAR(255) + - column: + name: kms_service_endpoint + type: VARCHAR(255) + - column: + name: kms_region + type: VARCHAR(255) + - column: + name: kms_access_key + type: VARCHAR(255) + - column: + name: kms_secret_key + type: VARCHAR(255) + - column: + name: certificate + type: OID + tableName: digital_signature_kms \ No newline at end of file diff --git a/persistence-service-v1/persistence-service-server-v1/src/main/resources/db/changelog/db.changelog-master.yaml b/persistence-service-v1/persistence-service-server-v1/src/main/resources/db/changelog/db.changelog-master.yaml index e1c4dd304..987eeea6e 100644 --- a/persistence-service-v1/persistence-service-server-v1/src/main/resources/db/changelog/db.changelog-master.yaml 
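Review bot: `setActiveDigitalSignatureType` in DigitalSignatureController forwards the path value to `DigitalSignatureTypeService`, which stores it without checking that a configuration of that type exists. A caller can therefore activate `KMS` while `digital_signature_kms` is empty, or `HSM`, for which this commit adds no configuration at all, and whatever reads the active type would then select a signing method that cannot work. Reject the switch, for example with the existing `BadRequestException`, unless the matching configuration is present, and reject `HSM` until it is implemented. The `@Slf4j` added to the controller is not used in the lines shown.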
+++ b/persistence-service-v1/persistence-service-server-v1/src/main/resources/db/changelog/db.changelog-master.yaml @@ -37,5 +37,5 @@ databaseChangeLog: file: db/changelog/14-add-redaction-source-id.changelog.yaml - include: file: db/changelog/15-dossier-remove-dossier-state.changelog.yaml - - + - include: + file: db/changelog/16-digital-signature-kms.changelog.yaml \ No newline at end of file diff --git a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/DigitalSignatureTest.java b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/DigitalSignatureTest.java index 75c583aee..2135fb6e6 100644 --- a/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/DigitalSignatureTest.java +++ b/persistence-service-v1/persistence-service-server-v1/src/test/java/com/iqser/red/service/peristence/v1/server/integration/tests/DigitalSignatureTest.java 
@@ -1,20 +1,27 @@ package com.iqser.red.service.peristence.v1.server.integration.tests; +import static org.assertj.core.api.Assertions.assertThat; + +import java.nio.file.Files; + +import org.junit.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.ClassPathResource; + import com.iqser.red.service.peristence.v1.server.integration.client.DigitalSignatureClient; import com.iqser.red.service.peristence.v1.server.integration.utils.AbstractPersistenceServerServiceTest; import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignature; +import com.iqser.red.service.persistence.service.v1.api.model.dossiertemplate.configuration.DigitalSignatureKms; + import feign.FeignException; -import org.junit.Test; -import org.springframework.beans.factory.annotation.Autowired; - -import static org.assertj.core.api.Assertions.assertThat; - +import lombok.SneakyThrows; public class DigitalSignatureTest extends AbstractPersistenceServerServiceTest { @Autowired private DigitalSignatureClient digitalSignatureClient; + @Test public void testDigitalSignature() { @@ -39,13 +46,11 @@ public class DigitalSignatureTest extends AbstractPersistenceServerServiceTest { assertThat(savedDigitalSignature.getPassword()).isNotEqualTo(loadedSignature.getPassword()); assertThat(savedDigitalSignature.getPrivateKey()).isNotEqualTo(loadedSignature.getPrivateKey()); - digitalSignature.setReason("new test"); digitalSignatureClient.updateDigitalSignature(digitalSignature); loadedSignature = digitalSignatureClient.getDigitalSignature(); assertThat(loadedSignature.getReason()).isEqualTo("new test"); - digitalSignatureClient.deleteDigitalSignature(); try { digitalSignatureClient.getDigitalSignature(); 
@@ -53,6 +58,69 @@ public class DigitalSignatureTest extends AbstractPersistenceServerServiceTest { assertThat(e.status()).isEqualTo(404); } + } + + + @Test + @SneakyThrows + public void testDigitalSignatureKms() { + + // Arrange + final String certificateName = "certificateName"; + final String kmsKeyId = "kmsKeyId"; + final String kmsAccessKey = "kmsAccessKey"; + final String kmsRegion = "kmsRegion"; + final String kmsSecretKey = "kmsSecretKey"; + final String kmsServiceEndpoint = "kmsServiceEndpoint"; + final byte[] certificate = Files.readAllBytes(new ClassPathResource("files/TestCert.cer").getFile().toPath()); + + DigitalSignatureKms digitalSignature = DigitalSignatureKms.builder() + .certificateName(certificateName) + .kmsKeyId(kmsKeyId) + .kmsAccessKey(kmsAccessKey) + .kmsRegion(kmsRegion) + .kmsSecretKey(kmsSecretKey) + .kmsServiceEndpoint(kmsServiceEndpoint) + .certificate(certificate) + .build(); + + // Act and Assert: Get not existing + try { + digitalSignatureClient.getDigitalSignatureKms(); + } catch (FeignException.FeignClientException e) { + assertThat(e.status()).isEqualTo(404); + } + + // Act and Assert: Save + var savedDigitalSignature = digitalSignatureClient.saveDigitalSignatureKms(digitalSignature); + + assertThat(savedDigitalSignature.getKmsAccessKey()).isEqualTo(digitalSignature.getKmsAccessKey()); + assertThat(savedDigitalSignature.getKmsKeyId()).isEqualTo(digitalSignature.getKmsKeyId()); + assertThat(savedDigitalSignature.getKmsRegion()).isEqualTo(digitalSignature.getKmsRegion()); + assertThat(savedDigitalSignature.getKmsSecretKey()).isEqualTo(digitalSignature.getKmsSecretKey()); + assertThat(savedDigitalSignature.getCertificateName()).isEqualTo(digitalSignature.getCertificateName()); + assertThat(savedDigitalSignature.getKmsServiceEndpoint()).isEqualTo(digitalSignature.getKmsServiceEndpoint()); + assertThat(savedDigitalSignature.getCertificate()).isEqualTo(digitalSignature.getCertificate()); + + // Act and Assert: Get existing + var 
loadedDigitalSignature = digitalSignatureClient.getDigitalSignatureKms(); + + assertThat(loadedDigitalSignature.getKmsAccessKey()).isEqualTo(digitalSignature.getKmsAccessKey()); + assertThat(loadedDigitalSignature.getKmsKeyId()).isEqualTo(digitalSignature.getKmsKeyId()); + assertThat(loadedDigitalSignature.getKmsRegion()).isEqualTo(digitalSignature.getKmsRegion()); + assertThat(loadedDigitalSignature.getKmsSecretKey()).isEqualTo(digitalSignature.getKmsSecretKey()); + assertThat(loadedDigitalSignature.getCertificateName()).isEqualTo(digitalSignature.getCertificateName()); + assertThat(loadedDigitalSignature.getKmsServiceEndpoint()).isEqualTo(digitalSignature.getKmsServiceEndpoint()); + assertThat(loadedDigitalSignature.getCertificate()).isEqualTo(digitalSignature.getCertificate()); + + // Act and Assert: Delete + digitalSignatureClient.deleteDigitalSignatureKms(); + try { + digitalSignatureClient.getDigitalSignatureKms(); + } catch (FeignException.FeignClientException e) { + assertThat(e.status()).isEqualTo(404); + } } + } 
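Review bot: Both `try { digitalSignatureClient.getDigitalSignatureKms(); } catch (FeignException.FeignClientException e) { ... }` blocks in `testDigitalSignatureKms` pass when no exception is thrown, so neither the initial "not existing" step nor the step after `deleteDigitalSignatureKms()` verifies anything. A delete that leaves the KMS access and secret key in the table would go unnoticed by this test. Make the 404 mandatory, e.g. `assertThatThrownBy(() -> digitalSignatureClient.getDigitalSignatureKms()).isInstanceOfSatisfying(FeignException.FeignClientException.class, e -> assertThat(e.status()).isEqualTo(404));`, with the matching AssertJ static import next to `assertThat`.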
diff --git a/persistence-service-v1/persistence-service-server-v1/src/test/resources/files/TestCert.cer b/persistence-service-v1/persistence-service-server-v1/src/test/resources/files/TestCert.cer new file mode 100644 index 0000000000000000000000000000000000000000..4f98abe36c1d9fa46e4244ebbe5c1a1ce2d80892 GIT binary patch literal 759 zcmXqLV)|^*#CUrFGZP~d6B}ba_l#WI!X;;2AN~HbZ&UcoT~4~LPj`ktbY|J@UmIZUFLkDu zt(!NZSM$nAbw&LZ%?B*jJqWnZVrV7)o}Wj_cx$=s_1%H@OwG!E9}89xn>|1AV)1*m z?dz^D)IV34UnLPf`GrUN%GL>AO)vHJ8MoHi`$Xz#+|zi}w(sGr8>cU@^V=S*V0dd+ z_|m3EWdiG+-n7WonWu}sSDv+dlz&c4o~t`=^ZPkRyB65hq_HlyWLqQD-MIJF0~3?% zcQ@b6+PZX_*^OM4^AkLTC;CiNydHdvVZ+CACT2zk#>K)0f(HD+*pL-wWc<&LHfsU?pR=UusTQ)%k#Ac;HPF?AtxoD?Lq&s=woyZfT{P}uId z=ARBSuGasXd{xhI`H4UsiS^UkiZ!~j*OhlN?mqtT(7LYQn_gO+DCH_#%cL?TRO-Vw zCtC~84;=w9l~cN`+@xMMb!&RBlet}3`9l7TqCnP8dy6x_E>%r3x$)x~t1>_P&hp@* zmkFWMcGtIFP=6xJ`^Jpn!_h_)+nG}w4_%uoJ1f-ZPWy)$m9DE!A256$u=QlG-pd!K zUT7JuU;CiQIlI_t6^qB=jGgLXHIH`b?Gt~jFEn2~W=&>Ci2A#Q`oDx%#>-sK)2_I+ YqTsz&+U7$osf#7p`JZ20T5Vkm0BD^l82|tP literal 0 HcmV?d00001 diff --git a/persistence-service-v1/pom.xml b/persistence-service-v1/pom.xml index 1d4b67c71..021a1991e 100755 --- a/persistence-service-v1/pom.xml +++ b/persistence-service-v1/pom.xml @@ -14,7 +14,7 @@ com.iqser.red.service persistence-service-v1 - 1.0-SNAPSHOT + Banana pom @@ -27,7 +27,7 @@ 3.76.0 2.26.0 - 3.44.0 + Apple 3.19.0 diff --git a/pom.xml b/pom.xml index 218958163..f2f7e4c6c 100644 --- a/pom.xml +++ b/pom.xml @@ -7,7 +7,7 @@ persistence-service com.iqser.red.service - 1.0-SNAPSHOT + Banana pom